Verify the stateless firewall filter configured in Configuring a Routing Engine Firewall Filter to Protect Against TCP and ICMP Floods.
To verify that the actions of the firewall filter terms are taken, send packets to the Services Router that match the terms. In addition, verify that the filter actions are not taken for packets that do not match.
user@host> telnet 192.168.249.71
Trying 192.168.249.71... Connected to host.acme.net. Escape character is '^]'. host (ttyp0) login: user Password: --- JUNOS 6.4-20040521.1 built 2004-05-21 09:38:12 UTC user@host>
user@host> ping 192.168.249.71
PING host-ge-000.acme.net (192.168.249.71): 56 data bytes 64 bytes from 192.168.249.71: icmp_seq=0 ttl=253 time=11.946 ms 64 bytes from 192.168.249.71: icmp_seq=1 ttl=253 time=19.474 ms 64 bytes from 192.168.249.71: icmp_seq=2 ttl=253 time=14.639 ms ...
user@host> ping 192.168.249.71 size 20000
PING host-ge-000.acme.net (192.168.249.71): 20000 data bytes ^C --- host-ge-000.acme.net ping statistics --- 12 packets transmitted, 0 packets received, 100% packet loss
Verify the following information:
For more information about the ping command, see the J-series Services Router Administration Guide or the JUNOS System Basics and Services Command Reference.
For information about using the J-Web interface to ping a host, see the J-series Services Router Administration Guide.
For more information about the telnet command, see the J-series Services Router Administration Guide or the JUNOS System Basics and Services Command Reference.